22 February 2017 Matt Sisson, Projects and Membership Manager
Two weeks ago we alerted readers to a significant fraud risk involving a phishing email that asked recipients to update or confirm their university intranet HR / Bank details. The details provided were then used to divert payroll to fraudulent accounts. We provided full details on the fraud discussion boards. The fraud has recently gained the attention of the National Fraud Investigation Bureau (NFIB) who, among other suggestions, have advised universities to “prompt all staff and students to change any password associated with their university email/IT accounts. Due to potential data breaches, it is recommended that universities discuss with the IT departments about issuing a mandatory password reset for all users”.
It's clear that with many fraud types there is significant overlap between IT, Finance, and other professional university departments. Since this fraud first broke, we’ve had contact from a number of university IT teams asking us for access to the BUFDG alert service, which we’ve been happy to provide. If you know of an IT colleague who would be interested in receiving the alerts or that, for purposes of making your counter-fraud role easier, it would be helpful to have them on the list, then please let Matt know and we’ll add them to the system.